Alexander Gall wrote:
DNS is specified to work over UDP and TCP. A resolver is not strictly required to use UDP for a query. One situation where TCP is used has been described already (after receiving a truncated response).
And remember that this "trick" (DNS man-in-the-middle sending back a response with the TC bit set to force a real TCP 3-way handshake) is used by some DDoS mitigation devices to detect forged queries and protect DNS servers. If your resolver is firewalled too heavily, you may not be able to access some "protected" sites.
Nico.
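To make the TC-bit mechanism concrete, here is an added illustration (not code from either poster): it builds a constructed sample query, shows the empty TC=1 response a mitigation device would return, the resolver-side check that turns it into a TCP retry, and the two-byte length framing that DNS-over-TCP requires. Only the standard library is used; function names are my own.

```python
import struct

QR_FLAG = 0x8000  # header flags: this message is a response
TC_FLAG = 0x0200  # header flags: response was truncated, retry over TCP
RD_FLAG = 0x0100  # header flags: recursion desired


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed sample input: a minimal A query on the wire (no EDNS)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, RD_FLAG, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def question_length(msg: bytes) -> int:
    """Length of a single, uncompressed question section following the 12-byte header."""
    i = 12
    while msg[i] != 0:          # walk the length-prefixed labels to the root label
        i += 1 + msg[i]
    return i + 1 + 4 - 12       # root label + QTYPE + QCLASS


def truncated_response(query: bytes) -> bytes:
    """What a TC-bit mitigation device answers: same ID and question, QR=1, TC=1, no records.
    A real resolver will retry over TCP; a spoofed-source flood never completes the handshake."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    new_flags = (flags & RD_FLAG) | QR_FLAG | TC_FLAG   # keep RD, set QR and TC, RCODE 0
    header = struct.pack("!HHHHHH", txid, new_flags, qdcount, 0, 0, 0)
    return header + query[12:12 + question_length(query)]


def resolver_next_step(query: bytes, response: bytes) -> str:
    """Resolver-side decision for a UDP reply: 'accept', 'retry_tcp' or 'discard'."""
    (qid,) = struct.unpack("!H", query[:2])
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & QR_FLAG:   # wrong ID or not a response at all
        return "discard"
    if flags & TC_FLAG:                     # truncated: resend the same query over TCP
        return "retry_tcp"
    return "accept"


def tcp_framing(query: bytes) -> bytes:
    """DNS over TCP prefixes each message with its 16-bit length (RFC 1035 section 4.2.2)."""
    return struct.pack("!H", len(query)) + query
```

Because the TC reply is only 29 bytes for this query and carries no records, it is cheap for the mitigation device to emit and useless to an attacker who forged the source address.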